CVSS: 9.8EPSS: 2%CPEs: 27EXPL: 0CVE-2015-0192 – JDK: unspecified Java sandbox restrictions bypass
https://notcve.org/view.php?id=CVE-2015-0192
13 May 2015 — Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine. Vulnerabilidad no especificada en IBM Java 8 anterior a SR1, 7 R1 anterior a SR2 FP11, 7 anterior a SR9, 6 R1 anterior a SR8 FP4, 6 anterior a SR16 FP4, y 5.0 anterior a SR16 FP10 permite a atacantes remotos ganar privilegios a través de vectores desconocidos... • http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html •
CVSS: 10.0EPSS: 6%CPEs: 5EXPL: 0CVE-2014-8891 – JDK: unspecified full Java sandbox bypass fixed in Feb 2015 update
https://notcve.org/view.php?id=CVE-2014-8891
05 Feb 2015 — Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager. Vulnerabilidad no especificada en Java Virtual Machine (JVM) en IBM SDK, Java Technology Edition 5.0 anterior a SR16-FP9, 6 anterior a SR16-FP3, 6R1 anterior a SR8-FP3, 7 anterio... • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00021.html •
CVSS: 7.8EPSS: 1%CPEs: 5EXPL: 0CVE-2014-8892 – JDK: unspecified partial Java sandbox bypass fixed in Feb 2015 update
https://notcve.org/view.php?id=CVE-2014-8892
05 Feb 2015 — Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via unspecified vectors related to the security manager. Vulnerabilidad no especificada en Java Virtual Machine (JVM) en IBM SDK, Java Technology Edition 5.0 anterior a SR16-FP9, 6 anterior a SR16-FP3, 6R1 anterior a S... • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00021.html •
CVSS: 9.1EPSS: 0%CPEs: 46EXPL: 0CVE-2014-3068 – JDK: Java CMS keystore provider potentially allows brute-force private key recovery
https://notcve.org/view.php?id=CVE-2014-3068
02 Dec 2014 — IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack. IBM Java Runtime Environment (JRE) 7 R1 anterior a SR1 FP1 (7.1.1.1), 7 anterior a SR7 FP1 (7.0.7.1), 6 R1 anterior a SR8 FP1 (6.1.8.1), 6 anterior a SR16 FP1 (6.0.16.1), y anterior a 5.0 SR16 FP7 (5.0... • http://rhn.redhat.com/errata/RHSA-2015-0264.html • CWE-255: Credentials Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 46EXPL: 0CVE-2014-3065 – JDK: privilege escalation via shared class cache
https://notcve.org/view.php?id=CVE-2014-3065
20 Nov 2014 — Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache. Vulnerabilidad no especificada en IBM Java Runtime Environment (JRE) 7 R1 anterior a SR2 (7.1.2.0), 7 anterior a SR8 (7.0.8.0), 6 R1 anterior a SR8 FP2 (6.1.8.2), 6 anterior a SR16 FP2 (6.0.16.2), y anterior a S... • http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.8EPSS: 0%CPEs: 53EXPL: 0CVE-2014-0878 – JDK: Vulnerability in the IBMSecureRandom implementation of the IBMJCE and IBMSecureRandom cryptographic providers
https://notcve.org/view.php?id=CVE-2014-0878
26 May 2014 — The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the random number generator's output. El componente IBMSecureRandom en los proveedores criptográficos IBMJCE y IBMSecureRand... • http://secunia.com/advisories/59022 • CWE-310: Cryptographic Issues •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2013-0485
https://notcve.org/view.php?id=CVE-2013-0485
21 Jan 2014 — Unspecified vulnerability in IBM Java SDK 7 before SR4-FP1, 6 before SR13-FP1, 5.0 before SR16-FP1, and 1.4.2 before SR13-FP16 has unknown impact and attack vectors related to Class Libraries. Vulnerabilidad no especificada en IBM Java SDK 7 en versiones anteriores a SR4-FP1, 6 en versiones anteriores a SR13-FP1, 5.0 en versiones anteriores a SR16-FP1 y 1.4.2 en versiones anteriores a SR13-FP16 tiene impacto desconocido y vectores de ataque relacionados con Class Libraries. • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2013-4041 – JDK: unspecified sandbox bypass (JVM)
https://notcve.org/view.php?id=CVE-2013-4041
07 Nov 2013 — Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to access restricted classes via unspecified vectors. Vulnerabilidad no especificada en el Java SDK de IBM 5.0.0 anteriores a SR16 FP4, 7.0.0 anteriores a SR6, 6.0.1 anteriores a SR7, y 6.0.0 anteriores a SR15 permite a atacantes remotos acceder clases restringidas a través de vectores no especificados. This update corrects several security vulnerabilities in the... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html •
CVSS: 9.8EPSS: 6%CPEs: 3EXPL: 0CVE-2013-5457 – JDK: unspecified sandbox bypass (ORB)
https://notcve.org/view.php?id=CVE-2013-5457
07 Nov 2013 — Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to execute arbitrary code via unspecified vectors. Vulnerabilidad no especificada en Java SDK de IBM, versiones 7.0.0 anteriores a SR6, 6.0.1 anteriores a SR7, y 6.0.0 anteriores a SR15 permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html •
CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 0CVE-2013-5458 – JDK: unspecified sandbox bypass (XML)
https://notcve.org/view.php?id=CVE-2013-5458
07 Nov 2013 — Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6 allows remote attackers to execute arbitrary code via unspecified vectors. Vulnerabilidad no especificada en IBM Java SDK 7.0.0 anteriores a SR7 permite a atacantes remotos ejecutar código de forma arbitraria a través de vectores no especificados. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Sof... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html •